
Research And Implementation Of P2P Botnet Detection Technology

Posted on: 2015-03-04
Degree: Master
Type: Thesis
Country: China
Candidate: Z C Yuan
GTID: 2268330422974357
Subject: Computer application technology

Abstract/Summary:
A P2P botnet is a network composed of malicious programs (P2P bots) that can both initiate and serve requests and that transfer commands by direct exchange. Studying P2P botnet detection technology, including discovering the command-and-control (C&C) structure of a P2P botnet and its network communication topology, and using a community discovery algorithm to find the possible P2P botnet nodes in the network, will provide valuable information for attacking, exploiting and defending against P2P botnets.

In this paper, we study P2P botnet detection technology, then design and implement a prototype system. The main work and contributions of this thesis are as follows:

1. We analyze the state of domestic and foreign research on P2P botnets and point out an existing problem: existing P2P botnet detection approaches focus on detecting processes or malicious traffic, and are not suited to exploiting the C&C relationships among them for detection.
2. We present a solution for detecting P2P botnets. First, we specify the concepts related to P2P botnets; second, we point out the typical features of P2P botnets; finally, based on these features, we execute an algorithm to detect P2P botnets.
3. A P2P botnet detection algorithm is proposed. It extracts flows from packets and applies some filtering, and thus determines the C&C flows and the C&C structure. We then obtain the network communication topology related to the C&C structure. Finally, we detect the P2P botnet based on a community discovery algorithm. We describe the mechanisms of the algorithms in detail and analyze their characteristics and performance.
4. A prototype system for detecting P2P botnets is designed and implemented. The experimental results show that P2P botnets can be detected effectively with the community discovery method, with a high true positive rate.
Keywords/Search Tags: P2P botnet, structure, detection